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REMARKS 



In the Office Action, dated November 26, 2008, the Examiner states that Claims 
15 and 16 are pending, and Claims 15 and 16 are rejected. By the present 
Amendment, Applicant amends the claims. 

In the Office Action, Claims 15 and 16 are rejected under 35 U.S.C. §102(e) as 
being anticipated by Asokan et al. (US 2002/0161723). The Applicant has cancelled 
those claims, and presents new Claims 17-29, which the Applicant considers are novel 
and not obvious, for at least the following reasons. 

The amended claims aim to clarify the invention in the light of the prior art 
(including the prior art listed in the International Search Report which issued on the 
international application). 

For example, in order to emphasize the underlying operation of the invention, in, 
particular that the virtual cardholder control means, and in an attempt not to change the 
scope of the invention, the independent claims include the following integers: 

"simulating an internet browsing session between the cardholder and a merchant 
Plug-in URL"; and 

"sending an authentication request message to an Issuer access control means 
by simulating an internet browsing session between the cardholder and the 
Issuer Access Control Means". 

Fair basis for the first of the abovementioned integers can be found in the 
application on page 10, the last sentence of the first paragraph, while fair basis for the 
second of the abovementioned integers can be found in the first sentence of the last 
paragraph on page 10. In amending claims, no new matter was added. 

The amended claims are also aimed at obtaining more comprehensive protection 
for the invention. 
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Turning to the Office Action, the Applicant respectfully disagrees with the 
Examiner's rejection of Claims 15 and 16 as being anticipated by US 2002/0161723. 

Firstly, the present invention relates to a system and method that enable financial 
institutions and merchants to use the 3-D Secure™ online cardholder authentication 
protocol to authenticate cardholders transacting with non-internet enabled devices (see 
page 4 the second paragraph). The invention operates as a proxy on behalf of the 
cardholder and simulates a core 3-D Secure™ session to a merchant plug-in and an 
issuer financial institution access control server (ACS), it is necessary for the invention 
to operate as a proxy in the light of the cardholder being unable to access the merchant 
website through a web browser as the device used to access the system is non-internet 
enabled. The system and method therefore allow for the conversion of voice or data 
based messages received from non-internet enabled devices into a format that is 
consistent with the requirements of the 3-D Secure™ protocol. 

The functionality enabling this is described in detail in first paragraph on page 10, 
where it is stated that a virtual cardholder system 104 extracts a unique identifier 
associated with non-internet enabled device 101 from a purchase request message 
received from a non-internet enabled device 10, matches it with a corresponding value 
stored on a database, extracts a primary account number (PAN), Expiry Date and Card 
Verification Value (CW) if credit, retrieves a merchant plug-in URL from purchase 
request message and, simulating an Internet browser , starts an http/s session with the 
merchant plug-in 105. 

Later, in the final paragraph on page 10 and first paragraph on page 11 it Is 
further explained that the virtual cardholder system 104 acts on behalf of the cardholder, 
again simulates an Internet browser and posts another message to an issuer access 
control server 107. Issuer access control server 107 responds by sending an HTML 
purchase authentication page to the virtual cardholder system 104, which is stored by 
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the virtual cardholder system 104. 

Turning to the fifth paragraph on page 1 1 , the virtual cardholder system 1 04 
again acts on behalf of the cardholder to extract cardholder credentials from a further 
message received from the non-intemet-enabled device; parses the stored HTML page 
recognizing the cardholder credentials field; inserts the cardholder credentials; the 
appropriate field and posts the HTML purchase authentication page to the issuer access 
control server 107. The issuer access control server 107 then accepts the cardholder 
credentials; authenticates it against the account holder database and responds to virtual 
access control server 107 with an authentication response message. 

The interaction between the cardholder and the entities of the 3-D Secure 
protocol provides a secure space for interaction between the cardholder and the entities, 
of the 3-D Secure protocol. 

From the above, in combination with the further functionality of the invention 
described in the specification, it describes how the virtual cardholder system acts on 
behalf of the cardholder, in various steps, thereby allowing the 3-D Secure™ protocol to 
be implemented specifically when a purchase request is received from a non-internet 
enabled device. 

In contrast, US 2002/0161723 relates to a system and method of secure 
authentication and billing using cellular telecommunication and authorized 
infrastructure. The abstract sets out that this patent application uses digital signatures 
based on a shared signing key and being verified using a signature verification service. 
Most of the patent application focuses on these keys being transmitted between 
different entities within the system, the use of signatures and digital certificates. 

For example, this patent application discloses validating the identity of a mobile 
station being used in the system utilizing long term keys stored in the mobile station and 
an authentication center. 



Page 9 of 12 

PAGE 9/13 * RCVD AT 5/26/2009 2:59:55 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-5/45 * DNIS:2738300 * CSID:312 427 6663 * DURATION (mm-9S): 02-20 



05/26/2009 14:02 FAX 312 427 6663 



LADAS & PARRY LLP 



@)0010/0013 



Application Serial No, 10/562,773 

Reply to Office Action of November 26, 2008 



PATENT 
Docket: CU-4643 



The filed of the invention (paragraph [0002] further indicates that the invention 
"bootstraps an authorization infrastructure so that subscribers of a cellular 
telecommunication system can buy goods and services from sellers and arrange for 
payment through the subscriber's telephone bill using a mobile terminal which ensures 
that errors and fraud do not take place relating to the payment". Therefore, this 
document relates to the verification of the identity of the mobile station used 
(paragraphs [0010], [001 1] and [0031]) in order *to utilize mobile station similarly to a 
credit card to pay for goods and services". It is for this reason that US 2002/01 61 723 is 
silent on credit or debit card usage or authentication of these cards, but rather focuses 
on the validity of the identity of the mobile phone. In contrast, the authentication of 
credit cards is the focus of the present invention. 

The rejection states in the Office Action that although particular references 
contained in the prior art are pointed out, the Application should, in preparing the 
response, consider fully the entire reference as well as the context of the passage as 
taught by the prior art. The Applicant respectfully submits that the same applies to the 
specification and claims of the present invention, and point out that there is few 
similarities and many differences between the present invention and US 2002/0161723. 

In this regard, and turning to new Claim 17, the Applicant points out that the prior 
art does not disclose a transaction initiated from a mobile device by a card holder. As 
mentioned above, the user of the mobile device of the prior art is not a card holder, but 
merely a user of a mobile device. 

The prior art further does not disclose or even suggest any of the following 
integers of new Claim 14: 

simulating an internet browsing session between the cardholder and a Merchant 
Plug-in URL; 
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sending an authentication request message to an Issuer access control means 
by simulating an internet browsing session between the cardholder and the 
Issuer access control means ; 



receiving a purchase authentication page from the Issuer access control means; 

extracting displayable information from the purchase authentication page and 
storing the purchase authentication web page; 

parsing the store purchase authentication page and recognizing the cardholder 
credential field(s); 

inserting the cardholder credentials into the purchase authentication page; 

sending the populated purchase authentication page to the Issuer access control 
means. 



For example, the only mention of a URL in the prior art document is in paragraph 
[0032], However, this URL is the address of the signature verification service and not 
that of the seller. Also, although it is fair to assume that the mobile device of the prior 
art will access a seller/merchant website, there is no disclosure of any simulation of 
such an internet browsing session. 

In fact, there is no disclosure in US 2002/0161723 of the system acting as a 
proxy. There is also no mention of the 3D Secure protocol which is part of the very 
essence of the present invention. The integers relating to the extraction of displayable 
information from the purchase authentication page, parsing the store purchase 
authentication page and recognizing the cardholder credential field(s), inserting the 
cardholder credentials into the purchase authentication page are also absent from the 
prior art document. 
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The same arguments apply to the lack of disclosure insofar as new Claim 24 is 
concerned. 

The Applicant respectfully further submits that although the solution seems 
simple, it should be viewed against various systems that have attempted to combine the 
use of credit cards with mobile devices. Many of these proposals relate to either using 
credit cards in mobile devices, or using SIM cards or smart cards of mobile devices as 
new types of credit card. The present invention effectively provides for credit card 
transactions through the use of mobile devices, which solution only became possible 
after the introduction of the 3-D Secure protocol in e-commerce transactions. The 
secure environment provided by the present invention is not dependent on mobile 
device software or mobile device card technology, but employs a creative application of 
the 3-D Secure protocol and interacts with the the entities of this trusted technology. 

In light of the foregoing response, all the outstanding objections and rejections 
are considered overcome. Applicant respectfully submits that this application should 
now be in condition for allowance and respectfully requests favorable consideration. 



Respectfully submitted, 





Date 



Attorney for Applicant 
Brian W. Hameder 
do Ladas & Panry LLP 
224 South Michigan Avenue 
Chicago, Illinois 60604 
(312) 427-1300 
Reg. No. 45613 
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